X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/ff044920428608b2c04507ad52d6ab52c9d6555f..20c5d203c6752f9fb6059a8b003c6848d65c0c3a:/cookbooks/piwik/recipes/default.rb

diff --git a/cookbooks/piwik/recipes/default.rb b/cookbooks/piwik/recipes/default.rb
index d711930a1..483a348cb 100644
--- a/cookbooks/piwik/recipes/default.rb
+++ b/cookbooks/piwik/recipes/default.rb
@@ -1,14 +1,14 @@
 #
-# Cookbook Name:: piwik
+# Cookbook:: piwik
 # Recipe:: default
 #
-# Copyright 2011, OpenStreetMap Foundation
+# Copyright:: 2011, OpenStreetMap Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,43 +17,72 @@
 # limitations under the License.
 #
 
-include_recipe "apache::ssl"
+include_recipe "apache"
+include_recipe "geoipupdate"
 include_recipe "mysql"
+include_recipe "php::fpm"
 
 passwords = data_bag_item("piwik", "passwords")
 
-package "php5"
-package "php5-cli"
-package "php5-curl"
-package "php5-mysql"
-package "php5-gd"
+package %w[
+  php-cli
+  php-curl
+  php-mbstring
+  php-mysql
+  php-gd
+  php-xml
+  php-apcu
+]
 
-package "php-apc"
-
-package "geoip-database-contrib"
-
-apache_module "php5"
-apache_module "geoip"
+apache_module "expires"
+apache_module "rewrite"
 
 version = node[:piwik][:version]
 
+geoip_directory = node[:geoipupdate][:directory]
+
 directory "/opt/piwik-#{version}" do
   owner "root"
   group "root"
   mode "0755"
 end
 
-remote_file "/tmp/piwik-#{version}.zip" do
-  source "http://builds.piwik.org/piwik-#{version}.zip"
-  not_if { File.exist?("/opt/piwik-#{version}/piwik") }
+remote_file "#{Chef::Config[:file_cache_path]}/piwik-#{version}.zip" do
+  source "https://builds.matomo.org/piwik-#{version}.zip"
+  not_if { ::File.exist?("/opt/piwik-#{version}/piwik") }
+end
+
+archive_file "#{Chef::Config[:file_cache_path]}/piwik-#{version}.zip" do
+  destination "/opt/piwik-#{version}"
+  overwrite true
+  owner "root"
+  group "root"
+  not_if { ::File.exist?("/opt/piwik-#{version}/piwik") }
 end
 
-execute "unzip-piwik-#{version}" do
-  command "unzip -q /tmp/piwik-#{version}.zip"
+node[:piwik][:plugins].each do |plugin_name, plugin_version|
+  next if plugin_version.nil?
+
+  remote_file "#{Chef::Config[:file_cache_path]}/piwik-#{plugin_name}-#{plugin_version}.zip" do
+    source "https://plugins.matomo.org/api/2.0/plugins/#{plugin_name}/download/#{plugin_version}"
+  end
+
+  archive_file "#{Chef::Config[:file_cache_path]}/piwik-#{plugin_name}-#{plugin_version}.zip" do
+    action :nothing
+    destination "/opt/piwik-#{version}/piwik/plugins"
+    overwrite true
+    owner "root"
+    group "root"
+    subscribes :extract, "remote_file[#{Chef::Config[:file_cache_path]}/piwik-#{plugin_name}-#{plugin_version}.zip]", :immediately
+  end
+end
+
+execute "/opt/piwik-#{version}/piwik/piwik.js" do
+  command "gzip -k -9 /opt/piwik-#{version}/piwik/piwik.js"
   cwd "/opt/piwik-#{version}"
   user "root"
   group "root"
-  not_if { File.exist?("/opt/piwik-#{version}/piwik") }
+  not_if { ::File.exist?("/opt/piwik-#{version}/piwik/piwik.js.gz") }
 end
 
 directory "/opt/piwik-#{version}/piwik/config" do
@@ -69,7 +98,7 @@ template "/opt/piwik-#{version}/piwik/config/config.ini.php" do
   mode "0644"
   variables :passwords => passwords,
             :directory => "/opt/piwik-#{version}/piwik",
-            :plugins => node[:piwik][:plugins]
+            :plugins => node[:piwik][:plugins].keys.sort
 end
 
 directory "/opt/piwik-#{version}/piwik/tmp" do
@@ -78,9 +107,27 @@ directory "/opt/piwik-#{version}/piwik/tmp" do
   mode "0755"
 end
 
+directory "/opt/piwik-#{version}/piwik/tmp/assets" do
+  owner "www-data"
+  group "mysql"
+  mode "0750"
+end
+
+link "/opt/piwik-#{version}/piwik/misc/GeoLite2-ASN.mmdb" do
+  to "#{geoip_directory}/GeoLite2-ASN.mmdb"
+end
+
+link "/opt/piwik-#{version}/piwik/misc/GeoLite2-City.mmdb" do
+  to "#{geoip_directory}/GeoLite2-City.mmdb"
+end
+
+link "/opt/piwik-#{version}/piwik/misc/GeoLite2-Country.mmdb" do
+  to "#{geoip_directory}/GeoLite2-Country.mmdb"
+end
+
 link "/srv/piwik.openstreetmap.org" do
   to "/opt/piwik-#{version}/piwik"
-  notifies :restart, "service[apache2]"
+  notifies :restart, "service[php#{node[:php][:version]}-fpm]"
 end
 
 mysql_user "piwik@localhost" do
@@ -91,13 +138,21 @@ mysql_database "piwik" do
   permissions "piwik@localhost" => :all
 end
 
+ssl_certificate "piwik.openstreetmap.org" do
+  domains ["piwik.openstreetmap.org", "piwik.osm.org"]
+  notifies :reload, "service[apache2]"
+end
+
+php_fpm "piwik.openstreetmap.org" do
+  prometheus_port 9253
+end
+
 apache_site "piwik.openstreetmap.org" do
   template "apache.erb"
 end
 
-template "/etc/cron.d/piwiki" do
-  source "cron.erb"
-  owner "root"
-  group "root"
-  mode "0644"
+cron_d "piwik" do
+  minute "5"
+  user "www-data"
+  command "/usr/bin/php /srv/piwik.openstreetmap.org/console core:archive --quiet --url=https://piwik.openstreetmap.org/"
 end